Python Module for Android


Python Module for Android

Postby altin » Fri May 05, 2017 10:33 pm

Hello

I want to create a Python data-source ingest module for an Android phone that passes data from a database, e.g. com.facebook.orga/databases/messages.db, into a BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT artifact. My problem is that no results are shown, even though the code runs without errors. I want the text column from the database table to be passed into TSK_INTERESTING_ARTIFACT_HIT, but I cannot find a way to do it.

Please can you help me ?

The main Python code, from the process function, is shown below:

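 def process(self, dataSource, progressBar):
        """Turn the ``text`` column of every ``threads_db2`` database into artifacts.

        Each matching file is copied into the case temp directory, opened with
        the SQLite JDBC driver, and one TSK_INTERESTING_ARTIFACT_HIT artifact
        carrying a TSK_TEXT attribute is created per row of ``messages``.

        Args:
            dataSource: data source handed to ``fileManager.findFiles``.
            progressBar: ingest progress handle, updated once per file.

        Returns:
            ``IngestModule.ProcessResult.OK`` in every case, including when
            the job is cancelled part-way through.
        """
        # we don't know how much work there is yet
        progressBar.switchToIndeterminate()

        # This will work in 4.0.1 and beyond
        # Use blackboard class to index blackboard artifacts for keyword search
        blackboard = Case.getCurrentCase().getServices().getBlackboard()

        # Find files named threads_db2, regardless of parent path
        fileManager = Case.getCurrentCase().getServices().getFileManager()
        files = fileManager.findFiles(dataSource, "threads_db2")

        numFiles = len(files)
        progressBar.switchToDeterminate(numFiles)
        fileCount = 0
        for file in files:

            # Check if the user pressed cancel while we were busy
            if self.context.isJobCancelled():
                return IngestModule.ProcessResult.OK

            self.log(Level.INFO, "Processing file: " + file.getName())
            fileCount += 1

            # Save the DB locally in the temp folder. use file id as name to reduce collisions
            lclDbPath = os.path.join(Case.getCurrentCase().getTempDirectory(), str(file.getId()) + ".db")
            ContentUtils.writeToFile(file, File(lclDbPath))

            dbConn = None
            stmt = None
            resultSet = None
            try:
                # Open the DB using JDBC. The file comes from the evidence image, so a
                # failure here is expected for some inputs: skip this file and keep
                # going instead of abandoning the remaining databases.
                try:
                    Class.forName("org.sqlite.JDBC").newInstance()
                    dbConn = DriverManager.getConnection("jdbc:sqlite:%s" % lclDbPath)
                except SQLException as e:
                    self.log(Level.INFO, "Could not open database file (not SQLite) " + file.getName() + " (" + e.getMessage() + ")")
                    continue

                # Query the messages table for its text column. The statement is a
                # constant string; nothing read from the evidence is spliced into it.
                try:
                    stmt = dbConn.createStatement()
                    resultSet = stmt.executeQuery("SELECT text FROM messages")
                except SQLException as e:
                    self.log(Level.INFO, "Error querying database for messages table (" + e.getMessage() + ")")
                    continue

                # Cycle through each row and create artifacts
                while resultSet.next():
                    try:
                        messageText = resultSet.getString("text")
                    except SQLException as e:
                        self.log(Level.INFO, "Error getting values from messages table (" + e.getMessage() + ")")
                        # Without a value there is nothing to record; skipping avoids
                        # re-using the previous row's text or hitting an unbound name.
                        continue

                    # Make an artifact on the blackboard and attach the message text.
                    # NOTE(review): Autopsy appears to group interesting-item hits by a
                    # TSK_SET_NAME attribute; an artifact without one may not be listed
                    # in the results tree -- confirm against the Autopsy version in use.
                    art = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT)
                    art.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT.getTypeID(),
                        ContactsDbIngestModuleFactory.moduleName, messageText))

                    # This will work in 4.0.1 and beyond
                    try:
                        # index the artifact for keyword search
                        blackboard.indexArtifact(art)
                    except Blackboard.BlackboardException as e:
                        self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())

                # Fire an event to notify the UI and others that there are new artifacts.
                # The event must name the artifact type that was actually created above;
                # announcing TSK_CONTACT would leave listeners unaware of the new hits.
                IngestServices.getInstance().fireModuleDataEvent(
                    ModuleDataEvent(ContactsDbIngestModuleFactory.moduleName,
                    BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT, None))
            finally:
                # Clean up on every path, so no JDBC handle stays open and no copy of
                # the evidence database is left behind in the temp directory.
                for handle in (resultSet, stmt, dbConn):
                    if handle is None:
                        continue
                    try:
                        handle.close()
                    except SQLException as e:
                        self.log(Level.WARNING, "Error closing database resource (" + e.getMessage() + ")")
                try:
                    os.remove(lclDbPath)
                except OSError as e:
                    self.log(Level.WARNING, "Could not remove temporary database copy " + lclDbPath + " (" + str(e) + ")")
                progressBar.progress(fileCount)

        # After all databases, post a message to the ingest messages in box.
        message = IngestMessage.createMessage(IngestMessage.MessageType.DATA,
            "ContactsDb Analyzer", "Found %d files" % fileCount)
        IngestServices.getInstance().postMessage(message)

        return IngestModule.ProcessResult.OK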